
12/22/2015
06:30 PM
Dark Reading
Products and Releases

Center for Internet Security's Critical Security Controls V. 6.0 Downloads Top 12,560

Three New Companion Guides to the CIS Controls Released

East Greenbush, N.Y. – December 15, 2015 – The Center for Internet Security (CIS) announced today that more than 12,560 individuals and organizations have downloaded the CIS Critical Security Controls for Effective Cyber Defense Version 6.0 since their release to the public on October 15, 2015. The CIS Controls are a recommended set of actions that provide specific ways to stop today’s most pervasive and dangerous cybersecurity attacks. CIS also announced the release of three new Companion Guides to the CIS Controls today.

“These new guides represent the ecosystem of working aids we're developing along with the CIS Controls to combat the increasing challenges and complexity of cybersecurity. Our expert panels will continue to create Companion Guides such as these to address specific challenges using the CIS Controls,” said Tony Sager, Senior Vice President and Chief Evangelist at the Center for Internet Security. “The same privacy content was in the recent V. 6.0 of the CIS Controls, but since our panel of experts and I consider privacy of such paramount importance, we opted to release this information in a separate Companion Guide as well,” he added.   

 

The three new Companion Guides to the CIS Critical Security Controls Version 6.0 are:

Internet of Things Security Companion to the CIS Critical Security Controls V. 6.0

A proliferation of smart devices is driving increased connectivity from custom corporate intranets to the Internet, giving adversaries and hackers new access vectors to launch attacks against these important networks. This Companion Guide for the CIS Critical Security Controls outlines how the CIS Controls are directly applicable to current and future Internet of Things (IoT) networks.

Mobile Security Companion to the CIS Critical Security Controls V. 6.0

Mobile devices are starting to replace laptops for regular business use. Organizations are building or porting their applications to mobile platforms, so users are increasingly accessing the same data with mobile devices as with their laptops. Also, organizations have increasingly implemented Bring Your Own Device (BYOD) policies to manage this trend. This Companion Guide helps individuals and organizations apply the CIS Controls to tackle the problems inherent in the increased use of mobile devices.

Toward A Privacy Impact Assessment (PIA) Companion to the CIS Critical Security Controls V 6.0

 

An effective posture of enterprise cybersecurity need not, and indeed, should not compromise individual privacy.  Many laws, regulations, guidelines, and recommendations exist to safeguard privacy, and enterprises will, in many cases, adapt their existing policies on privacy as they apply the Center for Internet Security Critical Security Controls for Cyber Defense Version 6.0. At a minimum, use of the CIS Controls should conform to the general principles embodied in the Fair Information Practice principles (FIPs) [1] and in Privacy by Design.[2]

An appendix was included in the CIS Critical Security Controls for Effective Cyber Defense Version 6.0 released October 15, 2015 to address the importance of safeguarding privacy and is now a stand-alone Companion Guide. It provides a framework to help organizations create a Privacy Impact Assessment.

According to CIS Chief Executive Officer Jane Holl Lute, “Effective cybersecurity should not compromise individual privacy. Every organization needs to look at their cybersecurity posture in order to assess and mitigate potential privacy risks. The new Companion Guides provide solutions for many of these challenges, including safeguarding users’ privacy configurations, patching vulnerabilities, and restricting unauthorized users.”

The CIS Critical Security Controls panel experts dedicate themselves to ensuring the CIS Controls represent the community's best insight into threat, vulnerability, and defensive technology. The panelists also work to make sure the CIS Controls can be supported through cost-effective solutions.

“These new Companion Guides are great resources for individuals and organizations. We are grateful to the global cybersecurity leaders who devoted their personal time to the development of these guides,” said Steve Spano, President and Chief Operating Officer, Center for Internet Security.

Several members of the CIS team also provided development support for the new version of the Controls and Companion Guides. The CIS Controls and the new Companion Guides are on the Center’s website at http://www.cisecurity.org/critical-controls.cfm.

 

About the CIS Critical Security Controls V. 6.0

This free set of internationally recognized measures is developed, refined, and validated by a large international community of leading security experts. The CIS Critical Security Controls for Effective Cyber Defense Version 6.0 document the most important actions of cyber hygiene that every organization should implement to protect their information technology (IT) networks. A study by the Australian government Department of Defense revealed 85% of known cybersecurity vulnerabilities can be stopped by deploying the Top 5 CIS Controls. This includes taking an inventory of IT assets, implementing secure configurations, patching vulnerabilities, and restricting unauthorized users.

About the Center for Internet Security

The Center for Internet Security (CIS) is a 501(c)(3) organization dedicated to enhancing the cybersecurity readiness and response among public and private sector entities. Utilizing its strong industry and government partnerships, CIS combats evolving cybersecurity challenges on a global scale and helps organizations adopt key best practices to achieve immediate and effective defenses against cyber attacks. CIS is home to the Multi-State Information Sharing and Analysis Center (MS-ISAC), CIS Security Benchmarks, and CIS Critical Security Controls. To learn more please visit CISecurity.org or follow us on Twitter at @CISecurity.



[2] See https://www.privacybydesign.ca. The approach discussed in this Annex draws heavily on public sector approaches in the United States, but can be adapted for any jurisdiction.
